Trunk promiscuous port configuration example

As shown in Figure 49, configure the private VLAN feature to meet the following requirements:

• VLANs 5 and 10 are primary VLANs on Device B. The uplink port Ten-GigabitEthernet 1/0/1 on Device B permits the packets from VLANs 5 and 10 to pass through tagged.

• On Device B, the downlink port Ten-GigabitEthernet 1/0/2 permits secondary VLAN 2. The downlink port Ten-GigabitEthernet 1/0/3 permits secondary VLAN 3. Secondary VLANs 2 and 3 are associated with primary VLAN 5.

• On Device B, the downlink port Ten-GigabitEthernet 1/0/6 permits secondary VLAN 6. The downlink port Ten-GigabitEthernet 1/0/8 permits secondary VLAN 8. Secondary VLANs 6 and 8 are associated with primary VLAN 10.

• Device A is aware of only VLANs 5 and 10 on Device B.

1. Configure Device B:

   # Configure VLANs 5 and 10 as primary VLANs.

   <DeviceB> system-view
   [DeviceB] vlan 5
   [DeviceB-vlan5] private-vlan primary
   [DeviceB-vlan5] quit
   [DeviceB] vlan 10
   [DeviceB-vlan10] private-vlan primary
   [DeviceB-vlan10] quit
   

   # Create VLANs 2, 3, 6, and 8.

   [DeviceB] vlan 2 to 3
   [DeviceB] vlan 6
   [DeviceB-vlan6] quit
   [DeviceB] vlan 8
   [DeviceB-vlan8] quit
   

   # Configure the uplink port Ten-GigabitEthernet 1/0/1 as a trunk promiscuous port of VLANs 5 and 10.

   [DeviceB] interface ten-gigabitethernet 1/0/1
   [DeviceB-Ten-GigabitEthernet1/0/1] port private-vlan 5 10 trunk promiscuous
   [DeviceB-Ten-GigabitEthernet1/0/1] quit
   

   # Assign the downlink port Ten-GigabitEthernet 1/0/2 to VLAN 2, and configure the port as a host port.

   [DeviceB] interface ten-gigabitethernet 1/0/2
   [DeviceB-Ten-GigabitEthernet1/0/2] port access vlan 2
   [DeviceB-Ten-GigabitEthernet1/0/2] port private-vlan host
   [DeviceB-Ten-GigabitEthernet1/0/2] quit
   

   # Assign the downlink port Ten-GigabitEthernet 1/0/3 to VLAN 3, and configure the port as a host port.

   [DeviceB] interface ten-gigabitethernet 1/0/3
   [DeviceB-Ten-GigabitEthernet1/0/3] port access vlan 3
   [DeviceB-Ten-GigabitEthernet1/0/3] port private-vlan host
   [DeviceB-Ten-GigabitEthernet1/0/3] quit
   

   # Associate the secondary VLANs 2 and 3 with the primary VLAN 5.

   [DeviceB] vlan 5
   [DeviceB-vlan5] private-vlan secondary 2 to 3
   [DeviceB-vlan5] quit
   

   # Assign the downlink port Ten-GigabitEthernet 1/0/6 to VLAN 6, and configure the port as a host port.

   [DeviceB] interface ten-gigabitethernet 1/0/6
   [DeviceB-Ten-GigabitEthernet1/0/6] port access vlan 6
   [DeviceB-Ten-GigabitEthernet1/0/6] port private-vlan host
   [DeviceB-Ten-GigabitEthernet1/0/6] quit
   

   # Assign the downlink port Ten-GigabitEthernet 1/0/8 to VLAN 8, and configure the port as a host port.

   [DeviceB] interface ten-gigabitethernet 1/0/8
   [DeviceB-Ten-GigabitEthernet1/0/8] port access vlan 8
   [DeviceB-Ten-GigabitEthernet1/0/8] port private-vlan host
   [DeviceB-Ten-GigabitEthernet1/0/8] quit
   

   # Associate the secondary VLANs 6 and 8 with the primary VLAN 10.

   [DeviceB] vlan 10
   [DeviceB-vlan10] private-vlan secondary 6 8
   [DeviceB-vlan10] quit
   

2. Configure Device A:

   # Create VLANs 5 and 10.

   [DeviceA] vlan 5
   [DeviceA-vlan5] quit
   [DeviceA] vlan 10
   [DeviceA-vlan10] quit
   

   # Configure Ten-GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 5 and 10 as a tagged VLAN member.

   [DeviceA] interface ten-gigabitethernet 1/0/1
   [DeviceA-Ten-GigabitEthernet1/0/1] port link-type hybrid
   [DeviceA-Ten-GigabitEthernet1/0/1] port hybrid vlan 5 10 tagged
   [DeviceA-Ten-GigabitEthernet1/0/1] quit
   

# Display primary VLAN configurations on Device B. The following output uses primary VLAN 5 as an example.

[DeviceB] display private-vlan 5
 Primary VLAN ID: 5
 Secondary VLAN ID: 2-3

 VLAN ID: 5
 VLAN type: Static
 Private VLAN type: Primary
 Route interface: Not configured
 Description: VLAN 0005
 Name: VLAN 0005
 Tagged   ports:
    Ten-GigabitEthernet1/0/1
 Untagged ports:
    Ten-GigabitEthernet1/0/2          Ten-GigabitEthernet1/0/3

 VLAN ID: 2
 VLAN type: Static
 Private VLAN type: Secondary
 Route interface: Not configured
 Description: VLAN 0002
 Name: VLAN 0002
 Tagged   ports:
    Ten-GigabitEthernet1/0/1
 Untagged ports:
    Ten-GigabitEthernet1/0/2

 VLAN ID: 3
 VLAN type: Static
 Private VLAN type: Secondary
 Route interface: Not configured
 Description: VLAN 0003
 Name: VLAN 0003
 Tagged   ports:
    Ten-GigabitEthernet1/0/1
 Untagged ports:
    Ten-GigabitEthernet1/0/3

The output shows that:

• The trunk promiscuous port Ten-GigabitEthernet 1/0/1 is a tagged member of primary VLAN 5 and secondary VLANs 2 and 3.

• The host port Ten-GigabitEthernet 1/0/2 is an untagged member of primary VLAN 5 and secondary VLAN 2.

• The host port Ten-GigabitEthernet 1/0/3 is an untagged member of primary VLAN 5 and secondary VLAN 3.